Top
Millennium Post

Your OTP is not safe

In the digital world, protected passwords are quickly becoming another way for cheats to access bank accounts and perform illegal transactions, often to the tune of several lakhs per day, explores Abhay Singh.

On March 13, a complaint submitted by a 78-year-old stated that she had received an unknown call from a person impersonating an RBI employee who asked her to link her bank account with her Aadhar Card. As she shared her ATM card details with the OTP received on her registered mobile phone, she soon found that Rs 1.85 lakh had been deducted from her two PNB accounts. A case was registered at the Anand Vihar Police Station and, later, the gang was busted by the Cyber Cell of Shahdara district. During the investigation, the police uncovered that the gang operated from the bordering areas of Bihar and Jharkhand. This is one among many instances of criminals sitting more than 1800 km away cheating people by acquiring their bank details.

Modus operandi

Investigators in Delhi Police told Millennium Post that in one day the illicit gang could make between 60 to 200 phone calls to random numbers across India by posing as senior bank officials. "They first note the four common numbers of telecom operators in the state and then randomly select the last six digits," the police officer said adding that if the gang was able to dupe four victims per day they could easily earn one lakh rupees.

"The transaction of money from the victim's account depends on how much time the accused is able to engage him on the phone after acquiring the bank details and OTP. After the transaction they switch off the phone number," the officer added. Shahdara district police busted a racket wherein cheats would download mobile apps of different banks, feed random mobile numbers into the app to check whether it is connected to a bank account, tap some basic information and then con those persons over the telephone.

Extensive training

The kingpin, after learning the art of cheating, ensures that his gang members receive proper training in English and the mother tongue of another state. This would be used to dupe victims through a phone call and mark the start of cheating in remote areas. "It took around 20 to 25 days to learn the basic language which is used during the phone conversation. Most of the accused, despite meagre education, spoke fluent English and 10 regional languages to trap the victims," said the police officer.

In January 2018, Shahdara district police nabbed a person from Jharkhand who primarily operated from Chittaranjan in West Bengal and Jamtara in Jharkhand. An investigator told Millennium Post that the accused, who would sit miles away from Delhi, would dupe people by accessing their OTP and other bank details. He added that the members of the gang were diligently trained to speak in different languages, in different dialects and accents, to con unsuspecting people living in remote areas of north Indian states.

The police claimed that the gang members had a restricted grasp over the language. As conversations would stray, the members would disconnect the call and turn off their phones.

The fortress of fraud

The Cyber Cell team of Shahdara district busted a huge cheating racket running in Jharkhand. In Jamtara area of Jharkhand, Ram Kumar Mandal, the kingpin of the online racket, had turned the area into a fortress. The accused was living a king life in the remote areas after building a house on 2000 acres of land.

The investigator further said that one person would patrol the area where his house was situated and if any vehicle was coming he warned the kingpin who fled the house and ran towards the peripheral jungle. He was using a spinner phone which could easily be hidden. "The number of his associates were saved as alphabets like AMMM or ABBB," said an investigator. The team who made the arrest was led by Inspector Sanjay Sharma, Sub Inspectors Rohtash and Devendra Chahar. DCP (Shahdara) Nupur Prasad herself kept a tab on the entire operation.

Police claimed that the gang would make a fake call impersonating a Bank Manager or an employee of RBI, and asked the complete details of the cardholder. After obtaining the credential information, they transferred the whole amount into various virtual accounts and routed the money into other e-wallets. Finally, they transferred the money into bank accounts and paid utility bills i.e. electricity bill, DTH and mobile recharge. Hence, converting illegal money stored in e-wallets into cash.

Investigating a long chain

After the transfer of money, the kingpin had built several chains of people on commission. One chain comprised of shopkeepers in local neighbourhoods who would collect the illegal money through digital wallets. They would then use the pretext of assisting residents of the locality in paying their electricity bills to accrue the hard cash from them. Thereafter, the e-wallet money was used to pay the bills and the hard cash became their personal money. The black money, in a conniving network, soon became white money. During the investigation, the police found that there were several bills which were paid through the e-wallets containing illegal money. "The person whose bill was paid was innocent as he had no idea of this entire operation. The investigation continued and, finally, we came to know about the main accused," said the police officer.

Fake job pages

Get a job of up to Rs 30,000 per month – advertisements that often lure young aspirants, eventually drawing them into a trap as they disclose their bank details which are rampantly misused. According to the police, this is another modus operandi which is being investigated. "Many job aspirants fail to check whether the page is secure or not. When they click the page, it asks the aspirants to fill the bank details for downloading certain forms," the police said.

The Cyber Cell investigator said that after the details of the bank account are filled on the page, the accused also received the details on his page and within a few minutes, the culprit withdraws the money from the account of the victims. "There are three different types of money transactions in the fake pages – some will ask the OTP and the other pages can ask about the debit or credit card number, CVV and ATM pin," said the investigator.

'Skimmer' makes ATM unsafe

Police claimed that before committing the crime, the criminals select an unmanned ATM. They then installed the skimmer at the mouth of ATM where the card is inserted and the IP Camera was installed just above the keypad. After accruing the data, they would pass it to the other accused. In return for that data, they either took cash or they cloned the ATM card from the accused. After that, they began withdrawing money from the ATM. Not only Indians but foreigners too are involved in the crime. The investigator probing the case of two Romanian cheats arrested for their involvement in stealing money from unmanned ATMs claimed that the accused invested the stolen money on holidays and purchasing data of cloned ATMs from the grey market.

Remote areas

If other state police teams raided the particular place the accused escaped to the bordering forests – they were well familiar with the terrain. In the Jamtara case, Sub Inspectors Rohtash and Devendra Chahar and their team walked for over 50 km so as to not alert the accused with their vehicle.

To the rescue

Whether the newspaper or internet, Delhi Police and the government have repeatedly urged citizens to never share any personal details with strangers over the phone. Police claimed that the accused always check the new and mandatory policies of the government. They called the possible targets, posing as bank officials and persuaded them that the policy is mandatory and if not followed would lead to account closure.

Sim Swap

The gangs who are involved in these crimes gather the details of the customer through illegal means. Once the information is gathered, first, they call the victim's cell phone provider and claim that his or her sim card has been lost or damaged or they want to upgrade to 4G. They will then send a 20 digit number of a blank sim through message and ask the customer to forward the number to a fake customer care number and, as soon as the number is forwarded, the victim's sim is deactivated and the accused acquires the mobile number with which he can access the bank details and undertake any transaction.



In two years, the city has seen numerous cheating cases, with more than 9,000 such cases being registered with Delhi Police. Of these, cops have solved 1,237 cases. Data accessed by Millennium Post showed that as many as 5,396 cheating cases were reported in 2016, and 3,643 cases were reported in 2017, till October 31. The data also shows that 691 cases from 2016 were solved, while 546 cases were solved this year. Around 1,093 people were nabbed last year, while this year as many as 824 have been arrested.

Next Story
Share it